I didn't really want to re-post this..  but I am kind of stuck.  I have several access points that handle different VLANs, for different equipment, to keep them separated.  On the  router and switch I basically copied and edited the entries for a new vlan (vlan 9) and configured an ap for it, set up like the others,  but for the new vlan 9.  But no traffic tcp/dhcp seems to  "go through". I have the configs for the router I have (a Cisco 2951), a switch the access point is connected to (a Cisco 2960) and an access point (an aironet 1100)

Here are the configs.  (All the other vlans over APs work,  so I am kinda pulling my hair out,  why this new vlan 9 is not working.)

(I don't think any traffic is going through the AP from clients, but they get "associated".  I don't see any DHCP messages from that subnet (192.168.9.0), the other wireless networks just work fine.

thank you!.

the Aironet 1100 AP:

ap-nata#show run
Building configuration...

Current configuration : 2087 bytes
!
! No configuration change since last restart
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap-nata
!
no logging console
!
clock timezone -0700 -7
clock summer-time -0600 recurring
ip subnet-zero
no ip domain lookup
ip domain name localdomain
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
!
dot11 ssid TM-NATA
vlan 9
authentication open
guest-mode
!
dot11 network-map
!
!
username admin privilege 15 password 7 105A1A0C0B161F025D57
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid TM-NATA
!
speed 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.9
encapsulation dot1Q 9
no ip route-cache
bridge-group 9
bridge-group 9 subscriber-loop-control
bridge-group 9 block-unknown-source
no bridge-group 9 source-learning
no bridge-group 9 unicast-flooding
bridge-group 9 spanning-disabled
!
interface Dot11Radio0.37
encapsulation dot1Q 37 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.9
encapsulation dot1Q 9
no ip route-cache
bridge-group 9
no bridge-group 9 source-learning
bridge-group 9 spanning-disabled
!
interface FastEthernet0.37
encapsulation dot1Q 37 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.37.22 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.37.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
sntp server 192.168.1.1
sntp broadcast client
end

the Cisco 2951 router:

Charon-2951#show run
Building configuration...

Current configuration : 11091 bytes
!
! Last configuration change at 22:13:50 MST Wed Jan 24 2024 by admin
! NVRAM config last updated at 15:01:13 MST Wed Jan 17 2024 by admin
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Charon-2951
!
boot-start-marker
boot system flash0:c2951-universalk9-mz.SPA.156-3.M9.bin
boot system flash0:c2951-universalk9-mz.SPA.154-1.T1.bin
boot-end-marker
!
!
enable secret 5 $1$Y6Ap$foIYqVqbcci.b9/iOKKVt/
!
no aaa new-model
clock timezone MST -7 0
clock summer-time MDT recurring
!
!
!
!
!
!
no ip source-route
!
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.4.1 192.168.4.10
ip dhcp excluded-address 192.168.5.1 192.168.5.10
ip dhcp excluded-address 192.168.6.1 192.168.6.10
ip dhcp excluded-address 192.168.7.1 192.168.7.10
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp excluded-address 192.168.8.1 192.168.8.10
ip dhcp excluded-address 192.168.9.1 192.168.9.10
ip dhcp ping timeout 600
!
ip dhcp pool VLAN1-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-1
default-router 192.168.1.1
dns-server 192.168.1.1
domain-name localdomain
option 42 ip 192.168.1.1
!
ip dhcp pool VLAN4-DCH-S150
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-4
dns-server 192.168.1.1
domain-name localdomain
default-router 192.168.4.1
option 42 ip 192.168.1.1
!
ip dhcp pool VLAN6-TONTON-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-6
dns-server 192.168.1.1
domain-name localdomain
default-router 192.168.6.1
option 42 ip 192.168.1.1
!
ip dhcp pool VLAN2-SERVERS
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-2
default-router 192.168.2.1
dns-server 192.168.1.1
domain-name localdomain
option 42 ip 192.168.1.1
!
ip dhcp pool VLAN3-DEVICES-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-3
default-router 192.168.3.1
dns-server 192.168.1.1
domain-name localdomain
option 42 ip 192.168.1.1
!
ip dhcp pool VLAN7-THE-MATRIX-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-7
dns-server 192.168.1.1
domain-name localdomain
default-router 192.168.7.1
option 42 ip 192.168.1.1
!
ip dhcp pool VLAN5-WEMO-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-5
dns-server 192.168.1.1
domain-name localdomain
default-router 192.168.5.1
option 42 ip 192.168.1.1
!
ip dhcp pool VLAN8-SEISMO
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-8
dns-server 192.168.1.1
domain-name localdomain
default-router 192.168.8.1
option 42 ip 192.168.1.1
!
ip dhcp pool VLAN9-NATA-EQUIPMENT-POOL
import all
origin file tftp://192.168.2.8/dhcp/static-bindings-hw-9
default-router 192.168.9.1
dns-server 192.168.1.1
domain-name localdomain
option 42 ip 192.168.1.1
!
!
!
ip domain name localdomain
ip host cisco-ap1.localdomain 192.168.37.11
ip host cisco-ap-seismo.localdomain 192.168.37.20
ip host cisco-ap-nata.localdomain 192.168.37.22
ip host cisco-ap2.localdomain 192.168.37.12
ip host charon.localdomain 192.168.1.1
ip host C2960s-south.localdomain 192.168.1.3
ip host zoneminder.localdomain 192.168.2.8
ip host trotter.localdomain 192.168.1.112
ip host f007th.localdomain 192.168.3.163
ip host wemo.localdomain 192.168.7.37
ip host seismo.localdomain 192.168.8.84
ip host cisco-ap9.localdomain 192.168.37.19
ip host cisco-ap6.localdomain 192.168.37.16
ip host trotter67.localdomain 192.168.1.109
ip host cnc.localdomain 192.168.2.115
ip host cuda.localdomain 192.168.2.116
ip host zonemaster.localdomain 192.168.1.116
ip host picoscope.localdomain 192.168.2.37
ip host C2960s-north.localdomain 192.168.1.2
ip host AP-TM-W-F7C033.localdomain 192.168.1.5
ip host trotter68.localdomain 192.168.1.110
ip host trotter68.central-plex.us 192.168.1.113
ip host waves.localdomain 192.168.2.118
ip host quadra.localdomain 192.168.7.38
ip host Samsung-HDTV.localdomain 192.168.3.3
ip host wintrotter.localdomain 192.168.1.106
ip host picopod.localdomain 192.168.1.107
ip host cisco-ap7.localdomain 192.168.37.17
ip host cisco-ap8.localdomain 192.168.37.18
ip host north.localdomain 192.168.1.2
ip host cisco-ap5.localdomain 192.168.37.15
ip host south.localdomain 192.168.1.3
ip host cisco-ap-seismo-2.localdomain 192.168.37.21
ip name-server 8.8.8.8
ip name-server 9.9.9.9
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2518389273
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2518389273
revocation-check none
rsakeypair TP-self-signed-2518389273
!
!
crypto pki certificate chain TP-self-signed-2518389273
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32353138 33383932 3733301E 170D3233 31303137 31353039
33315A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35313833
38393237 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AA4A 8AFE69E1 98501862 7CCDAC68 CF920A38 CEFE59A5 B42C9882 B6C2ED51
4E56AC77 1B0E8416 C3D8C7F6 44812076 3D60D3D8 21A51EBD 60B61AB8 42273954
647E3D30 3FD79800 CED4F138 24981F5E C633D623 D1431B16 CDCCAB6F A966AA95
E627D4E4 65203C54 D69D4E5A ABAB2A8F 8EDC3EEA CA0EFA32 433C2C19 8B5E777E
A87B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 140F4538 3AD46471 F15FCA02 2AFDC119 8529B18D 82301D06
03551D0E 04160414 0F45383A D46471F1 5FCA022A FDC11985 29B18D82 300D0609
2A864886 F70D0101 05050003 81810002 303BAC26 A9A0A9B6 CC3707FD 5931A7B0
3008CCE3 F5AB7FFB 588A6A62 DBAB6B3F 4B2D9621 82B19848 04518953 E82BC639
50317FB7 49425CB9 41EA5C2B 313BC190 73FC17D0 A8A48FC7 1E64DEF9 A610EA5B
20B05AF5 0976B3D7 45203D4B D1C46B6C 717B6CF1 B635F0D3 28B39B21 2158662C
CCD1D521 766CCCCE 08140223 B9651B
quit
voice-card 0
!
!
!
!
!
!
!
!
vxml logging-tag
license udi pid CISCO2951/K9 sn FCZ1622702R
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
!
!
username admin privilege 15 password 7 1500085A550A3F373D3D342F1A5441
!
redundancy
!
!
buffers huge size 49152
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description LAN
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.2.255
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.5
encapsulation dot1Q 5
ip address 192.168.5.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.6
encapsulation dot1Q 6
ip address 192.168.6.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
!
interface GigabitEthernet0/1.7
encapsulation dot1Q 7
ip address 192.168.7.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.8
encapsulation dot1Q 8
ip address 192.168.8.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.9
encapsulation dot1Q 9
ip address 192.168.9.1 255.255.255.0
ip helper-address 192.168.1.1
ip directed-broadcast
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.37
encapsulation dot1Q 37
ip address 192.168.37.1 255.255.255.0
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip forward-protocol udp discard
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns view default
domain list localdomain
ip dns server
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip nat inside source list 102 interface GigabitEthernet0/0 overload
ip nat inside source list 103 interface GigabitEthernet0/0 overload
ip nat inside source list 104 interface GigabitEthernet0/0 overload
ip nat inside source list 105 interface GigabitEthernet0/0 overload
ip nat inside source list 107 interface GigabitEthernet0/0 overload
ip nat inside source list 108 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.2.8 22 interface GigabitEthernet0/0 22
ip nat inside source static tcp 192.168.2.8 80 interface GigabitEthernet0/0 80
ip nat inside source list 109 interface GigabitEthernet0/0 overload
ip nat inside source list 167 interface GigabitEthernet0/0 overload
ip nat inside source list 168 interface GigabitEthernet0/0 overload
ip route 192.168.66.0 255.255.255.0 192.168.1.112
ip route 192.168.67.0 255.255.255.0 192.168.1.112
ip route 192.168.68.0 255.255.255.0 192.168.1.116
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
ip ssh version 2
!
!
nls resp-timeout 1
cpd cr-id 1
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
access-list 103 permit ip host 192.168.3.164 any
access-list 104 permit ip host 192.168.4.237 any
access-list 105 permit ip host 192.168.5.237 any
access-list 107 permit ip 192.168.7.0 0.0.0.255 any
access-list 108 permit ip 192.168.8.0 0.0.0.255 any
access-list 109 permit ip 192.168.9.0 0.0.0.255 any
access-list 163 permit ip 192.168.3.0 0.0.0.255 any
access-list 167 permit ip 192.168.67.0 0.0.0.255 any
access-list 168 permit ip 192.168.68.0 0.0.0.255 any
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
transport preferred none
line aux 0
transport preferred none
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 105C0A4F54370618190A2B262D7B64
login local
transport preferred none
transport input ssh
line vty 5 15
login local
transport preferred none
transport input ssh
!
scheduler allocate 20000 1000
ntp master
ntp update-calendar
ntp server time.nist.gov
!
end

the Cisco 2960 switch:

South#show run
Building configuration...

Current configuration : 5843 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname South
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$S873$6ik6XiM5OMHyd3u/oKuOc/
!
username admin password 7 05190559706C5A1A0C0B161F025F53
!
!
no aaa new-model
clock timezone UTC -7
clock summer-time UTC recurring
switch 1 provision ws-c2960s-24ps-l
!
!
ip domain-name localdomain
!
!
crypto pki trustpoint TP-self-signed-1464510976
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1464510976
revocation-check none
rsakeypair TP-self-signed-1464510976
!
!
crypto pki certificate chain TP-self-signed-1464510976
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343634 35313039 3736301E 170D3933 30333031 30303032
33305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34363435
31303937 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100DF26 38F336C6 A25C6FDE 43B27C20 583B08B3 BE0133DB 7ED37C09 EBE7EA4F
16173FE7 E0FC1E3A 83864D35 D357DA47 E9261D92 C666F8DA 59297C32 E0013EF2
905AC018 4458DEF8 D3DA106C 458375B2 ABDF6180 E59E6C2C E2DD323C EEE6EBF2
C49F0055 481E050F 1DBA91AF 4C5940ED 19575A76 76BE5896 F838E7CC 90A1D0EF
869D0203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
551D1104 15301382 11536F75 74682E6C 6F63616C 646F6D61 696E301F 0603551D
23041830 16801403 DF2C382A DE81D8E7 A68EFB68 EFE61B13 20001B30 1D060355
1D0E0416 041403DF 2C382ADE 81D8E7A6 8EFB68EF E61B1320 001B300D 06092A86
4886F70D 01010405 00038181 006FC9BC 5CBE8C78 FBC34C39 9516CEF2 B7482C0E
0ED60AA9 F4146AC3 0307A511 204CB683 55361CF2 A4356FA8 7CB15B62 0EE1CA66
839C46B3 672490ED BAD963F8 32171AD3 7D545A37 029F63A7 2F405D7C 21669FF5
0248AA30 94CB0953 C528DF5F DF968A6D 75CF39F6 2FC1BB99 6BB21174 0719F886
FC1AE778 37301999 6F109328 39
quit
spanning-tree mode pvst
spanning-tree extend system-id
auto qos srnd4
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
description to 4 port swith for trotter67
switchport trunk allowed vlan 1,2
switchport mode trunk
!
interface GigabitEthernet1/0/2
description AP9 port
switchport trunk native vlan 37
switchport trunk allowed vlan 4-7,37
switchport mode trunk
!
interface GigabitEthernet1/0/3
description access port for trotter68
!
interface GigabitEthernet1/0/4
description AP1 port
switchport trunk native vlan 37
switchport trunk allowed vlan 3-7,37
switchport mode trunk
!
interface GigabitEthernet1/0/5
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/6
description AP6 port
switchport trunk native vlan 37
switchport trunk allowed vlan 4-7,37
switchport mode trunk
!
interface GigabitEthernet1/0/7
description laptop/workstation
!
interface GigabitEthernet1/0/8
switchport access vlan 4
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/11
description wemo AP test port
switchport trunk native vlan 37
switchport trunk allowed vlan 5,37
switchport mode trunk
!
interface GigabitEthernet1/0/12
description seismo AP port
switchport trunk native vlan 37
switchport trunk allowed vlan 8,37
switchport mode trunk
!
interface GigabitEthernet1/0/13
description entertainment port (TV/DVDetc)
switchport trunk allowed vlan 3
switchport mode trunk
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
description AP port for NATA equipment
switchport trunk native vlan 37
switchport trunk allowed vlan 9,37
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport access vlan 6
switchport mode access
!
interface GigabitEthernet1/0/24
description AP port for NATA equipment
switchport trunk native vlan 37
switchport trunk allowed vlan 9,37
switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
switchport trunk native vlan 37
switchport mode trunk
!
interface Vlan1
ip address 192.168.1.3 255.255.255.0
!
interface Vlan2
ip address 192.168.2.3 255.255.255.0
!
interface Vlan3
ip address 192.168.3.3 255.255.255.0
!
interface Vlan4
ip address 192.168.4.3 255.255.255.0
!
interface Vlan5
ip address 192.168.5.3 255.255.255.0
!
interface Vlan6
ip address 192.168.6.3 255.255.255.0
!
interface Vlan7
ip address 192.168.7.3 255.255.255.0
!
interface Vlan8
ip address 192.168.8.3 255.255.255.0
!
interface Vlan9
ip address 192.168.9.3 255.255.255.0
!
interface Vlan37
ip address 192.168.37.3 255.255.255.0
!
ip default-gateway 192.168.1.1
ip http server
ip http secure-server
!
ip access-list extended Deny_TM-W-F7C033_DHCP
deny udp any any eq bootpc
deny udp any any eq bootps
permit ip any any
ip sla enable reaction-alerts
!
line con 0
line vty 0 4
login local
length 0
transport input ssh
line vty 5 15
login local
transport input ssh
!
end